On June 28, 2011, the Federal Financial Institutions Examination Council (“FFIEC”) updated their 2005 guidance, Authentication in an Internet Banking Environment (October 12, 2005) (the “Original Guidance”), on authentication for Internet banking. Titled the ” Supplement to Authentication in an Internet Banking Environment” (the “Supplemental Guidance”), the Supplement Guidance sets forth common issues that, beginning in January 2012, examiners from the FFIEC member agencies (the National Credit Union Administration, the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision and state financial regulators) are to look for when they assess banks and credit unions for safety, soundness, and compliance with federal regulations. The FFIEC notes in the Supplemental Guidance that customer authentication methods and controls implemented in conformance with the Original Guidance have become less effective as fraudsters have implemented more sophisticated and malicious methods to compromise authentication mechanisms and that various types of complicated attack tools have been developed and automated into downloadable kits that are increasingly available. To address these and related issues, the Supplemental Guidance discusses the need for layered security, performing risk assessments, implementing effective strategies for mitigating identified risks, and raising customer awareness of potential risks, but does not endorse any specific technology for doing so.